package com.syty.demo.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;

@Api("Shiro-框架配置类")
@Configuration
public class ShiroConfig {

    @ApiOperation("获取自定义的UserRealm")
    @Bean("userRealm")
    public UserRealm getUserRealm(){
        UserRealm userRealm = new UserRealm();
        //修改默认的凭证校验匹配器
        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        //设计加密算法为MD5
        credentialsMatcher.setHashAlgorithmName("MD5");
        //设置散列次数
        credentialsMatcher.setHashIterations(1024);
        userRealm.setCredentialsMatcher(credentialsMatcher);
        //开启本地缓存管理  个人项目，所以选择EhCache本地缓存
        userRealm.setCacheManager(new EhCacheManager());
        userRealm.setCachingEnabled(true);//开启全局缓存
        userRealm.setAuthenticationCachingEnabled(true);//开启认证缓存
        userRealm.setAuthenticationCacheName("authenticationCache");
        return userRealm;
    }

    @ApiOperation("获取web框架环境管理器，并且将自定义的UserRealm注册")
    @Bean("getDefaultWebSecurityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(userRealm);
        return defaultWebSecurityManager;
    }

    @ApiOperation("由管理器获取工厂Bean")
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //设置安全管理器
        bean.setSecurityManager(defaultWebSecurityManager);

        //实现shiro的内置过滤器
        /**
         * anon:无需认证就可以访问
         * authc:必须认证了才能访问
         * user:必须拥有记住我功能才能用
         * perms:拥有对某个资源的权限才能访问
         * role:拥有某个角色权限
         *
         */

        //拦截判断
        Map<String, String> filter = new LinkedHashMap<>();
        filter.put("/loginProcessor","anon");//表示这个为公共资源 一定是在受限资源上面
        filter.put("/registerProcessor","anon");
        filter.put("/","anon");
        filter.put("/login","anon");
        filter.put("/remake","anon");
        filter.put("/logout","logout");
        filter.put("/error","anon");

        filter.put("/**","user");//表示这个所有资源都为私有资源  需要认证
//
//        // 设置认证界面路径
        bean.setLoginUrl("/login");
//        //未授权页面
        bean.setUnauthorizedUrl("/unauthorized");
//        //设置认证成功页面
        bean.setSuccessUrl("/index");
//
//        //将map类型的过滤规则注入
        bean.setFilterChainDefinitionMap(filter);

        return bean;
    }


}
